{"id":1029,"date":"2022-11-07T09:29:50","date_gmt":"2022-11-07T14:29:50","guid":{"rendered":"https:\/\/www.searchevolution.com\/security\/?p=1029"},"modified":"2022-11-07T09:29:50","modified_gmt":"2022-11-07T14:29:50","slug":"account-takeover","status":"publish","type":"post","link":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/","title":{"rendered":"Account takeover"},
"content":{"rendered":"<p>Here are some attack techniques to test against your service to check whether its authentication and account-management flows are adequately protected.<\/p>\n<p>Account Takeover via IDOR in Password Reset<\/p>\n<p>Account Takeover by Password Reset Poisoning<\/p>\n<p>Account Takeover via IDOR (Post Authentication)<\/p>\n<p>Account Takeover via CSRF<\/p>\n<p>Account Takeover by Broken Cryptography<\/p>\n<p>Account Takeover by OAuth Misconfiguration<\/p>\n<p>Pre-Authentication Account Takeover<\/p>\n<p>Account Takeover due to Improper Rate-Limit\/Anti-Automation Checks<\/p>\n<p>Account Takeover by XSS<\/p>\n<p>Account Takeover by utilizing Sensitive Data Exposure<\/p>\n<p>Account Takeover due to Weak Security Policies<\/p>\n<h2>Other techniques for taking over an account<\/h2>\n<p>Response Body Manipulation<\/p>\n<p>Status Code Manipulation<\/p>\n<p>Parameter Pollution<\/p>\n<p>Mass Assignment<\/p>\n<p>Token Forging<\/p>\n<h2>Other resources<\/h2>\n<p>https:\/\/github.com\/harsh-bothra\/SecurityExplained\/blob\/main\/resources\/account-takeovers-methodology.md<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Here are some attack techniques to test against your service to check whether its authentication and account-management flows are adequately protected. Account Takeover via IDOR in Password Reset Account Takeover by Password Reset Poisoning Account Takeover via IDOR (Post Authentication) Account Takeover via CSRF Account Takeover by Broken Cryptography Account Takeover by OAuth Misconfiguration Pre-Authentication Account Takeover Account Takeover due to Improper Rate-Limit\/Anti-Automation Checks Account Takeover by XSS Account Takeover by utilizing Sensitive Data Exposure Account Takeover due to Weak Security Policies Other techniques for taking over an account Response Body Manipulation Status Code Manipulation Parameter Pollution Mass Assignment Token Forging Other resources <\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],
"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Account takeover - S\u00e9curiser votre site<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Account takeover - S\u00e9curiser votre site\" \/>\n<meta property=\"og:description\" content=\"Here are some attack techniques to test against your service to check whether its authentication and account-management flows are adequately protected. Account Takeover via IDOR in Password Reset Account Takeover by Password Reset Poisoning Account Takeover via IDOR (Post Authentication) Account Takeover via CSRF Account Takeover by Broken Cryptography Account Takeover by OAuth Misconfiguration Pre-Authentication Account Takeover Account Takeover due to Improper Rate-Limit\/Anti-Automation Checks Account Takeover by XSS Account Takeover by utilizing Sensitive Data Exposure Account Takeover due to Weak Security Policies Other techniques for taking over an account Response Body Manipulation Status Code Manipulation Parameter Pollution Mass Assignment Token Forging Other resources\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/\" \/>\n<meta property=\"og:site_name\" content=\"S\u00e9curiser votre site\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-07T14:29:50+00:00\" \/>\n<meta name=\"author\" content=\"Germain\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Germain\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/\",\"url\":\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/\",\"name\":\"Account takeover - S\u00e9curiser votre site\",\"isPartOf\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\"},\"datePublished\":\"2022-11-07T14:29:50+00:00\",\"dateModified\":\"2022-11-07T14:29:50+00:00\",\"author\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.searchevolution.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Account takeover\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\",\"url\":\"https:\/\/www.searchevolution.com\/security\/\",\"name\":\"S\u00e9curiser votre site\",\"description\":\"Conna\u00eetre son ennemi\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\",\"name\":\"Germain\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"caption\":\"Germain\"},\"sameAs\":[\"https:\/\/www.searchevolution.com\/security\"],\"url\":\"https:\/\/www.searchevolution.com\/security\/author\/germain\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->",
"yoast_head_json":{"title":"Account takeover - S\u00e9curiser votre site","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/","og_locale":"fr_CA","og_type":"article","og_title":"Account takeover - S\u00e9curiser votre site","og_description":"Here are some attack techniques to test against your service to check whether its authentication and account-management flows are adequately protected. Account Takeover via IDOR in Password Reset Account Takeover by Password Reset Poisoning Account Takeover via IDOR (Post Authentication) Account Takeover via CSRF Account Takeover by Broken Cryptography Account Takeover by OAuth Misconfiguration Pre-Authentication Account Takeover Account Takeover due to Improper Rate-Limit\/Anti-Automation Checks Account Takeover by XSS Account Takeover by utilizing Sensitive Data Exposure Account Takeover due to Weak Security Policies Other techniques for taking over an account Response Body Manipulation Status Code Manipulation Parameter Pollution Mass Assignment Token Forging Other resources","og_url":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/","og_site_name":"S\u00e9curiser votre site","article_published_time":"2022-11-07T14:29:50+00:00","author":"Germain","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Germain","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/","url":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/","name":"Account takeover - S\u00e9curiser votre site","isPartOf":{"@id":"https:\/\/www.searchevolution.com\/security\/#website"},"datePublished":"2022-11-07T14:29:50+00:00","dateModified":"2022-11-07T14:29:50+00:00","author":{"@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8"},"breadcrumb":{"@id":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.searchevolution.com\/security\/2022\/11\/07\/account-takeover\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.searchevolution.com\/security\/"},{"@type":"ListItem","position":2,"name":"Account takeover"}]},{"@type":"WebSite","@id":"https:\/\/www.searchevolution.com\/security\/#website","url":"https:\/\/www.searchevolution.com\/security\/","name":"S\u00e9curiser votre site","description":"Conna\u00eetre son ennemi","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-CA"},{"@type":"Person","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8","name":"Germain","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","caption":"Germain"},"sameAs":["https:\/\/www.searchevolution.com\/security"],"url":"https:\/\/www.searchevolution.com\/security\/author\/germain\/"}]}},
"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/1029"}],"collection":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/comments?post=1029"}],"version-history":[{"count":3,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/1029\/revisions"}],"predecessor-version":[{"id":1032,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/1029\/revisions\/1032"}],"wp:attachment":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/media?parent=1029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/categories?post=1029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/tags?post=1029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
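The post's list names the techniques without showing how any of them is exercised against a real flow. The following is an added example, not code from the original post or its author: a toy password-reset flow in Python with a vulnerable handler beside a hardened one, covering three entries from the list at once (Password Reset Poisoning, IDOR in Password Reset, and Token Forging) and, through the hashed token store, the Sensitive Data Exposure entry. Every name in it (`Request`, `ResetStore`, `CANONICAL_ORIGIN`, the `USERS` table and the example addresses) is constructed for the example and stands for no real framework.

```python
"""Toy password-reset flow: a vulnerable handler beside a hardened one.

Added example, not from the original post. Every name here (Request,
ResetStore, CANONICAL_ORIGIN, USERS, the e-mail addresses) is constructed
for illustration; there is no real framework behind it.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed user table: e-mail address -> user id.
USERS = {"victim@example.com": 42, "attacker@example.com": 7}

# Hypothetical canonical origin, fixed in server configuration. Reset links
# must be built from this, never from anything the client sent.
CANONICAL_ORIGIN = "https://app.example.com"


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    headers: dict
    form: dict


def vulnerable_reset_link(req: Request, counter: int) -> str:
    """Builds the reset link the way a vulnerable handler might.

    Two defects from the post's list are deliberately present:
    * Password Reset Poisoning: the link's host is copied from the Host
      header. An attacker who requests a reset for the victim's address with
      a forged Host receives the victim's token when the victim clicks.
    * Token Forging: the token is a sequential counter, so the attacker can
      guess the next one without any leak at all.
    The uid in the URL is the IDOR surface if the reset endpoint trusts it.
    """
    host = req.headers.get("Host", "app.example.com")
    uid = USERS[req.form["email"]]
    token = str(counter)
    return f"https://{host}/reset?uid={uid}&token={token}"


@dataclass
class ResetStore:
    """Server-side record of issued reset tokens (hypothetical)."""
    # Per-deployment secret: a dump of `issued` yields only HMACs, not tokens
    # an attacker could submit (the Sensitive Data Exposure entry).
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    issued: dict = field(default_factory=dict)  # HMAC(token) -> (uid, expiry)

    def _digest(self, token: str) -> str:
        return hmac.new(self.secret, token.encode(), hashlib.sha256).hexdigest()

    def issue(self, email: str, now: float, ttl: int = 900) -> str:
        """Issues a fresh 256-bit token bound to the account, valid for ttl seconds."""
        uid = USERS[email]
        token = secrets.token_urlsafe(32)  # OS CSPRNG, not guessable
        self.issued[self._digest(token)] = (uid, now + ttl)
        return token

    def redeem(self, token: str, now: float):
        """Returns the uid the token was issued for, or None. Tokens are single use."""
        entry = self.issued.pop(self._digest(token), None)
        if entry is None:
            return None
        uid, expiry = entry
        return uid if now <= expiry else None


def hardened_reset_link(store: ResetStore, req: Request, now: float) -> str:
    """Builds the link from configuration; the request is consulted only for the e-mail.

    The account is resolved server-side from the token, so no uid travels in
    the URL and the client cannot point the reset at another account.
    """
    token = store.issue(req.form["email"], now)
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


def token_from_link(link: str) -> str:
    """Extracts the token query parameter (what the recipient's click would submit)."""
    return link.rsplit("token=", 1)[1]


if __name__ == "__main__":
    poisoned = Request({"Host": "evil.example"}, {"email": "victim@example.com"})
    print("vulnerable:", vulnerable_reset_link(poisoned, 1001))
    store = ResetStore()
    link = hardened_reset_link(store, poisoned, now=1000.0)
    print("hardened:  ", link)
    print("redeem guessed token:", store.redeem("1002", now=1000.0))
    print("redeem real token:   ", store.redeem(token_from_link(link), now=1000.0))
    print("redeem again:        ", store.redeem(token_from_link(link), now=1000.0))
```

Run as a script, the vulnerable link points at `evil.example` with the victim's uid and a guessable token, while the hardened link stays on the configured origin, redeems exactly once, rejects guesses, and expires after the TTL. When testing a real service, the equivalent checks are: send the reset request with a forged `Host` (or `X-Forwarded-Host`) header and inspect the e-mail, request two resets and compare the tokens for structure, and try a token issued for one account against the reset endpoint of another.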